Update common to v2.1.6

What does this MR do?

Bump common dependency to version: v2.1.6

Introduces more stable sort order (but no change) and updates one solution:

--- test/expect/gl-dependency-scanning-report.json	2019-03-21 09:29:36.000000000 -0700
+++ test/fixtures/gl-dependency-scanning-report.json	2019-04-08 16:01:06.000000000 -0700
@@ -105,7 +105,7 @@
       "message": "Broken Access Control vulnerability in Active Job",
       "cve": "sast-sample-rails/Gemfile.lock:activejob:cve:CVE-2018-16476",
       "severity": "Unknown",
-      "solution": "upgrade to ~\u003e 4.2.11, ~\u003e 5.0.7.1, ~\u003e 5.1.6.1, \u003e= 5.2.1.1",
+      "solution": "upgrade to ~\u003e 4.2.11, ~\u003e 5.0.7.1, ~\u003e 5.1.6.1, ~\u003e 5.1.7, \u003e= 5.2.1.1",
       "scanner": {
         "id": "bundler_audit",
         "name": "bundler-audit"

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer